diff --git a/security/nss/Makefile b/security/nss/Makefile index 90c1342d7696..aa8ab6679948 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -1,102 +1,102 @@ # Created by: Maxim Sobolev # $FreeBSD$ PORTNAME= nss -PORTVERSION= 3.23 +PORTVERSION= 3.24 #DISTVERSIONSUFFIX= -with-ckbi-1.98 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src MAINTAINER= gecko@FreeBSD.org COMMENT= Libraries to support development of security-enabled applications BUILD_DEPENDS= zip:archivers/zip \ nspr>=4.12:devel/nspr \ sqlite3>=3.7.15:databases/sqlite3 LIB_DEPENDS= libnspr4.so:devel/nspr \ libsqlite3.so:databases/sqlite3 WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/nss MAKE_JOBS_UNSAFE= yes USE_LDCONFIG= ${PREFIX}/lib/nss USES= cpe gmake perl5 CPE_VENDOR= mozilla CPE_PRODUCT= network_security_services USE_PERL5= build MAKE_ENV= LIBRARY_PATH="${LOCALBASE}/lib" \ SQLITE_INCLUDE_DIR="${LOCALBASE}/include" \ FREEBL_LOWHASH=1 \ NSS_DISABLE_GTESTS=1 \ NSS_USE_SYSTEM_SQLITE=1 CFLAGS+= -I${LOCALBASE}/include/nspr SUB_FILES= nss-config nss.pc SUB_LIST= PORTVERSION=${PORTVERSION} DIST= ${WRKSRC:H}/dist EXTRACT_AFTER_ARGS=--exclude */lib/zlib --exclude */lib/dbm --exclude */lib/sqlite INSTALL_BINS= certcgi certutil cmsutil crlutil derdump makepqg \ mangle modutil ocspclnt oidcalc p7content p7env p7sign \ p7verify pk12util rsaperf shlibsign signtool signver \ ssltap strsclnt symkeyutil vfychain vfyserv OPTIONS_DEFINE= DEBUG .include .if ! ${PORT_OPTIONS:MDEBUG} MAKE_ENV+= BUILD_OPT=1 BINS= ${DIST}/${OPSYS}${OSREL}_OPT.OBJ .else BINS= ${DIST}/${OPSYS}${OSREL}_DBG.OBJ .endif .if ${OPSYS} == FreeBSD && ${ARCH} == amd64 USE_BINUTILS= # intel-gcm.s CC+= -B${LOCALBASE}/bin .endif check regression-test test: cd ${WRKSRC}/tests; \ ${SETENV} PATH="${BINS}/bin:${PATH}" \ LD_LIBRARY_PATH="${BINS}/lib" \ ${MAKE_ENV} \ ./all.sh @if ${GREP} -Fh '>Failed<' \ ${WRKSRC:H}/tests_results/security/*/results.html; then \ echo "Some tests have failed. Let ${MAINTAINER} know."; \ exit 1; \ else \ echo "All tests succeeded. Good news."; \ fi post-patch: @${REINPLACE_CMD} '/NSS_DEFAULT_SYSTEM/s,/etc,${PREFIX}&,' \ ${WRKSRC}/lib/sysinit/nsssysinit.c @cd ${WRKSRC} && \ ${FIND} . -name "*.c" -o -name "*.h" | \ ${XARGS} ${REINPLACE_CMD} -e 's|"nspr.h"||' ${FIND} ${WRKSRC}/tests -name '*.sh' | ${XARGS} ${GREP} -l -F '/bin/bash' | \ ${XARGS} ${REINPLACE_CMD} -e 's|#! */bin/bash|#!${SH}|' do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/include/nss/nss ${STAGEDIR}${PREFIX}/lib/nss ${FIND} ${DIST}/public/nss -type l \ -exec ${INSTALL_DATA} {} ${STAGEDIR}${PREFIX}/include/nss/nss \; ${INSTALL_LIB} ${BINS}/lib/*.so.1 \ ${STAGEDIR}${PREFIX}/lib/nss ${INSTALL_DATA} ${BINS}/lib/libcrmf.a \ ${STAGEDIR}${PREFIX}/lib/nss .for bin in ${INSTALL_BINS} ${INSTALL_PROGRAM} ${BINS}/bin/${bin} \ ${STAGEDIR}${PREFIX}/bin .endfor cd ${BINS}/lib && \ ${TAR} -cf - *.so | ${TAR} --unlink -C ${STAGEDIR}${PREFIX}/lib/nss -xf - ${INSTALL_SCRIPT} ${WRKDIR}/nss-config ${STAGEDIR}${PREFIX}/bin ${INSTALL_DATA} ${WRKDIR}/nss.pc ${STAGEDIR}${PREFIX}/libdata/pkgconfig .include diff --git a/security/nss/distinfo b/security/nss/distinfo index 40feb66bddd7..a95107db1928 100644 --- a/security/nss/distinfo +++ b/security/nss/distinfo @@ -1,2 +1,2 @@ -SHA256 (nss-3.23.tar.gz) = 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf -SIZE (nss-3.23.tar.gz) = 7467001 +SHA256 (nss-3.24.tar.gz) = 2f0841492f91cca473b73dec6cab9cf765a485e032d48d2e8ae7261e54c419ed +SIZE (nss-3.24.tar.gz) = 7307782 diff --git a/security/nss/files/patch-bug1250891 b/security/nss/files/patch-bug1250891 deleted file mode 100644 index 1582d2bb5320..000000000000 --- a/security/nss/files/patch-bug1250891 +++ /dev/null @@ -1,100 +0,0 @@ -diff --git a/coreconf/FreeBSD.mk b/coreconf/FreeBSD.mk ---- coreconf/FreeBSD.mk -+++ coreconf/FreeBSD.mk -@@ -21,7 +21,7 @@ ifeq ($(CPU_ARCH),amd64) - CPU_ARCH = x86_64 - endif - --OS_CFLAGS = $(DSO_CFLAGS) -ansi -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK -+OS_CFLAGS = $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK - - DSO_CFLAGS = -fPIC - DSO_LDOPTS = -shared -Wl,-soname -Wl,$(notdir $@) -diff --git a/coreconf/NetBSD.mk b/coreconf/NetBSD.mk ---- coreconf/NetBSD.mk -+++ coreconf/NetBSD.mk -@@ -26,7 +26,7 @@ else - DLL_SUFFIX = so.1.0 - endif - --OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -Wno-switch -pipe -DNETBSD -Dunix -DHAVE_STRERROR -DHAVE_BSD_FLOCK -+OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DNETBSD -Dunix -DHAVE_STRERROR -DHAVE_BSD_FLOCK - - OS_LIBS = -lcompat - -diff --git a/coreconf/OpenBSD.mk b/coreconf/OpenBSD.mk ---- coreconf/OpenBSD.mk -+++ coreconf/OpenBSD.mk -@@ -26,7 +26,7 @@ endif - - DLL_SUFFIX = so.1.0 - --OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -Wno-switch -pipe -DOPENBSD -+OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DOPENBSD - - OS_LIBS = - -diff --git a/coreconf/Werror.mk b/coreconf/Werror.mk ---- coreconf/Werror.mk -+++ coreconf/Werror.mk -@@ -5,6 +5,15 @@ - - # This sets WARNING_CFLAGS for gcc-like compilers. - -+ifndef CC_IS_CLANG -+ CC_IS_CLANG := $(and $(findstring clang, $(shell $(CC) --version 2>&1)), 1) -+ # Clang claims GCC 4.2.1 compatibility, see GCC_VERSION -+ CC_IS_GCC = 1 -+ # Export CC_IS_CLANG and CC_IS_GCC to save a shell invocation when recursing. -+ export CC_IS_CLANG -+ export CC_IS_GCC -+endif -+ - ifndef CC_IS_GCC - CC_IS_GCC := $(shell $(CC) -x c -E -Wall -Werror /dev/null >/dev/null 2>&1 && echo 1) - # Export CC_IS_GCC to save a shell invocation when recursing. -@@ -38,7 +44,7 @@ ifndef WARNING_CFLAGS - disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1)) - - WARNING_CFLAGS = -Wall -- ifeq ($(CC_NAME),clang) -+ ifdef CC_IS_CLANG - # -Qunused-arguments : clang objects to arguments that it doesn't understand - # and fixing this would require rearchitecture - WARNING_CFLAGS += -Qunused-arguments -@@ -62,10 +68,10 @@ ifndef WARNING_CFLAGS - NSS_ENABLE_WERROR = 0 - $(warning OS_TARGET is Android, disabling -Werror) - else -- ifeq ($(CC_NAME),clang) -+ ifdef CC_IS_CLANG - # Clang reports its version as an older gcc, but it's OK - NSS_ENABLE_WERROR = 1 -- else ifeq ($(CC_NAME),gcc) -+ else ifdef CC_IS_GCC - ifneq (,$(filter 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) - NSS_ENABLE_WERROR = 1 - endif -diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile ---- lib/freebl/Makefile -+++ lib/freebl/Makefile -@@ -484,7 +484,7 @@ endif - - # poly1305-donna-x64-sse2-incremental-source.c requires __int128 support - # in GCC 4.6.0. --ifeq ($(CC_NAME),clang) -+ifdef CC_IS_CLANG - HAVE_INT128_SUPPORT = 1 - else ifeq (1,$(CC_IS_GCC)) - ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION)))) -@@ -697,8 +697,8 @@ ifdef INTEL_GCM - # symbolic names to registers, for example, - # .set Htbl, %rdi - # So we can't use Clang's integrated assembler with intel-gcm.s. --ifneq (,$(findstring clang,$(shell $(AS) --version))) --$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): ASFLAGS += -no-integrated-as -+ifdef CC_IS_CLANG -+$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): CFLAGS += -no-integrated-as - endif - endif - diff --git a/security/nss/files/patch-const b/security/nss/files/patch-const index de5fae9f6601..ccefa75c7825 100644 --- a/security/nss/files/patch-const +++ b/security/nss/files/patch-const @@ -1,46 +1,48 @@ --- cmd/modutil/modutil.h Sun Apr 25 11:02:47 2004 +++ cmd/modutil/modutil.h Fri Jul 22 17:35:20 2005 @@ -53,6 +53,6 @@ #include "error.h" -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); +Error FipsMode(const char *arg); +Error ChkFipsMode(const char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, char *mechanisms, char* modparms); --- cmd/modutil/pk11.c Sun Apr 25 11:02:47 2004 +++ cmd/modutil/pk11.c Fri Jul 22 17:36:48 2005 @@ -53,5 +53,5 @@ */ Error -FipsMode(char *arg) +FipsMode(const char *arg) { char *internal_name; -@@ -62,14 +62,16 @@ - SECMOD_GetInternalModule()->commonName); - if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { -- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); -+ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name); - PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } -- PR_smprintf_free(internal_name); - if (!PK11_IsFIPS()) { -+ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name); -+ PR_smprintf_free(internal_name); - PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); - return FIPS_SWITCH_FAILED_ERR; - } -+ PR_smprintf_free(internal_name); - PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); - } else { +@@ -25,16 +25,18 @@ FipsMode(char *arg) + internal_name = PR_smprintf("%s", + SECMOD_GetInternalModule()->commonName); + if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { +- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); ++ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name); + PR_smprintf_free(internal_name); + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } +- PR_smprintf_free(internal_name); + if (!PK11_IsFIPS()) { ++ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name); ++ PR_smprintf_free(internal_name); + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } ++ PR_smprintf_free(internal_name); + PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); + } else { + PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); @@ -112,5 +114,5 @@ */ Error -ChkFipsMode(char *arg) +ChkFipsMode(const char *arg) { if(!PORT_Strcasecmp(arg, "true")) { diff --git a/security/nss/pkg-plist b/security/nss/pkg-plist index 74d9b3e388e9..dacf1c3c2593 100644 --- a/security/nss/pkg-plist +++ b/security/nss/pkg-plist @@ -1,139 +1,143 @@ bin/certcgi bin/certutil bin/cmsutil bin/crlutil bin/derdump bin/makepqg bin/mangle bin/modutil bin/nss-config bin/ocspclnt bin/oidcalc bin/p7content bin/p7env bin/p7sign bin/p7verify bin/pk12util bin/rsaperf bin/shlibsign bin/signtool bin/signver bin/ssltap bin/strsclnt bin/symkeyutil bin/vfychain bin/vfyserv include/nss/nss/base64.h include/nss/nss/blapit.h include/nss/nss/cert.h include/nss/nss/certdb.h include/nss/nss/certt.h include/nss/nss/ciferfam.h include/nss/nss/cmmf.h include/nss/nss/cmmft.h include/nss/nss/cms.h include/nss/nss/cmsreclist.h include/nss/nss/cmst.h include/nss/nss/crmf.h include/nss/nss/crmft.h include/nss/nss/cryptohi.h include/nss/nss/cryptoht.h include/nss/nss/ecl-exp.h include/nss/nss/hasht.h include/nss/nss/jar-ds.h include/nss/nss/jar.h include/nss/nss/jarfile.h include/nss/nss/key.h include/nss/nss/keyhi.h include/nss/nss/keyt.h include/nss/nss/keythi.h +include/nss/nss/lowkeyi.h +include/nss/nss/lowkeyti.h include/nss/nss/nss.h include/nss/nss/nssb64.h include/nss/nss/nssb64t.h include/nss/nss/nssbase.h include/nss/nss/nssbaset.h include/nss/nss/nssck.api include/nss/nss/nssckbi.h include/nss/nss/nssckepv.h include/nss/nss/nssckft.h include/nss/nss/nssckfw.h include/nss/nss/nssckfwc.h include/nss/nss/nssckfwt.h include/nss/nss/nssckg.h include/nss/nss/nssckmdt.h include/nss/nss/nssckt.h include/nss/nss/nssilckt.h include/nss/nss/nssilock.h include/nss/nss/nsslocks.h include/nss/nss/nsslowhash.h include/nss/nss/nssrwlk.h include/nss/nss/nssrwlkt.h include/nss/nss/nssutil.h include/nss/nss/ocsp.h include/nss/nss/ocspt.h include/nss/nss/p12.h include/nss/nss/p12plcy.h include/nss/nss/p12t.h include/nss/nss/pk11func.h include/nss/nss/pk11pqg.h include/nss/nss/pk11priv.h include/nss/nss/pk11pub.h include/nss/nss/pk11sdr.h include/nss/nss/pkcs11.h include/nss/nss/pkcs1sig.h include/nss/nss/pkcs11f.h include/nss/nss/pkcs11n.h include/nss/nss/pkcs11p.h include/nss/nss/pkcs11t.h include/nss/nss/pkcs11u.h include/nss/nss/pkcs12.h include/nss/nss/pkcs12t.h include/nss/nss/pkcs7t.h include/nss/nss/portreg.h include/nss/nss/preenc.h include/nss/nss/secasn1.h include/nss/nss/secasn1t.h include/nss/nss/seccomon.h include/nss/nss/secder.h include/nss/nss/secdert.h include/nss/nss/secdig.h include/nss/nss/secdigt.h include/nss/nss/secerr.h include/nss/nss/sechash.h include/nss/nss/secitem.h include/nss/nss/secmime.h include/nss/nss/secmod.h include/nss/nss/secmodt.h include/nss/nss/secoid.h include/nss/nss/secoidt.h include/nss/nss/secpkcs5.h include/nss/nss/secpkcs7.h include/nss/nss/secport.h include/nss/nss/shsign.h include/nss/nss/smime.h include/nss/nss/ssl.h include/nss/nss/sslerr.h include/nss/nss/sslproto.h include/nss/nss/sslt.h include/nss/nss/utilmodt.h include/nss/nss/utilpars.h include/nss/nss/utilparst.h include/nss/nss/utilrename.h lib/nss/libcrmf.a lib/nss/libfreebl3.so lib/nss/libfreebl3.so.1 +lib/nss/libfreeblpriv3.so +lib/nss/libfreeblpriv3.so.1 lib/nss/libnss3.so lib/nss/libnss3.so.1 lib/nss/libnssckbi.so lib/nss/libnssckbi.so.1 lib/nss/libnssdbm3.so lib/nss/libnssdbm3.so.1 lib/nss/libnssutil3.so lib/nss/libnssutil3.so.1 lib/nss/libsmime3.so lib/nss/libsmime3.so.1 lib/nss/libsoftokn3.so lib/nss/libsoftokn3.so.1 lib/nss/libssl3.so lib/nss/libssl3.so.1 libdata/pkgconfig/nss.pc